Docs reveal significant increase in ICE data stored on Microsoft cloud: What info is it collecting?
(Konstancija Gasaitytė – Cybernews) An increase in ICE’s budget has enabled the organization to ensure it doesn’t run out of cloud storage. In addition to finding new, technologically advanced ways to conduct its investigations, Immigration and Customs Enforcement (ICE) has also increased its dependence on the Microsoft cloud platform. ICE has increased the amount of data it stores on the Microsoft Azure cloud platform by 3 times in the last 6 months of 2025, according to documents acquired by the Guardian. – https://cybernews.com/security/ice-microsoft-azure-cloud/
AI Assistants Used as Covert Command-and-Control Relays
(Alessandro Mascellino – Infosecurity Magazine) AI assistants with web browsing features can be repurposed as covert command-and-control (C2) channels, allowing malicious traffic to blend into routine enterprise communications. According to new findings from Check Point Research (CPR), platforms including Grok and Microsoft Copilot can be manipulated through their public web interfaces to fetch attacker-controlled URLs and return responses. In effect, the AI service acts as a proxy, relaying commands to infected machines and sending stolen data back out, without requiring an API key or even a registered account. This approach shifts AI from a development aid for attackers into an operational component of malware itself. – https://www.infosecurity-magazine.com/news/ai-assistants-covert-c2-relays/
Why Your Organization Should Start Quantum Preparedness Today (Even If Quantum Computers Are Years Away)
(Moona Ederveen-Schneider – Infosecurity Magazine) Too many industry conversations start like this: “Why should we start preparing now? It sounds really hard”. But adversaries are already preparing. They are already harvesting encrypted data to decrypt it once quantum computers become powerful enough. These “harvest now, decrypt later” attacks are happening today, in secret. If your organization holds data that will still be sensitive in 5, 10, or 20 years, that data is at risk right now. Data retention spans vary dramatically across industries: a decade for financial records, 25+ years for pharmaceutical trials, lifetimes for healthcare, and 75+ years for classified government information. Further, the systems protecting this data or steering industrial plants often take 15-25 years to replace and make quantum secure. If quantum preparedness is delayed, the quantum threat can manifest with dire consequences: imagine the impact of combining the Ashley Madison breach, Panama Papers, and Wikileaks, all over the globe, all at the same time. In addition, quantum computing threatens the security of cryptocurrency, blockchain, and digital signatures. Thankfully, quantum preparedness is not the overwhelming technical challenge many assume. The foundations are the same security practices your organization should already be implementing: proper data governance and systematic risk management. – https://www.infosecurity-magazine.com/opinions/why-your-organization-should-start/
Future-Proofing Critical Infrastructure: National Gas CTO Darren Curley on IT/OT Security Integration
(Kevin Poireault – Infosecurity Magazine) As chief technology officer (CTO) of National Gas, Darren Curley oversees the technology strategy of one of the most critical entities in the UK, maintaining Britain’s high-pressure gas transmission system, transporting gas to homes, businesses and power stations through 5000 miles of pipeline. After a 30-plus-year career in IT architecture, Curley joined the company in 2022. He now works alongside National Gas’s CISO, Polly Cameron, to align the cybersecurity strategy across three domains: enterprise IT systems, industrial systems and critical national infrastructure (CNI) systems. – https://www.infosecurity-magazine.com/interviews/national-gas-cto-darren-curley-it/
Record Number of Ransomware Victims and Groups in 2025
(Phil Muncaster – Infosecurity Magazine) Security researchers observed a 30% annual increase in ransomware victims listed on extortion sites last year, with AI helping to lower the barrier to entry for new threat groups. Searchlight Cyber’s new report, Ransomware’s Record Year: Tracking a Volatile Landscape in H2 2025, tracked 7458 victims on dark web leak sites in 2025. These numbers were split virtually 50:50 between the first and second half of the year. To put the annual growth figure in perspective, victim numbers increased by just 13% between 2023 and 2024. – https://www.infosecurity-magazine.com/news/record-number-ransomware-victims/
China-linked APT weaponized Dell RecoverPoint zero-day since 2024
(Pierluigi Paganini – Security Affairs) Mandiant and Google’s Threat Intelligence Group (GTIG) reported that a suspected China-linked APT group quietly exploited a critical zero-day flaw in Dell RecoverPoint for Virtual Machines starting in mid-2024. “Mandiant and Google Threat Intelligence Group (GTIG) have identified the zero-day exploitation of a high-risk vulnerability in Dell RecoverPoint for Virtual Machines, tracked as CVE-2026-22769, with a CVSSv3.1 score of 10.0,” reads the report published by Google. “Analysis of incident response engagements revealed that UNC6201, a suspected PRC-nexus threat cluster, has exploited this flaw since at least mid-2024 to move laterally, maintain persistent access, and deploy malware including SLAYSTYLE, BRICKSTORM, and a novel backdoor tracked as GRIMBOLT.” The vulnerability, tracked as CVE-2026-22769, involves hardcoded credentials and was abused to gain access to VMware backup systems. – https://securityaffairs.com/188176/apt/china-linked-apt-weaponized-dell-recoverpoint-zero-day-since-2024.html
Keenadu backdoor found preinstalled on Android devices, powers ad fraud campaign
(Pierluigi Paganini – Security Affairs) Kaspersky has identified a new Android malware called Keenadu. It can be preinstalled in device firmware, hidden inside system apps, or even distributed via official stores like Google Play. Currently used for ad fraud by turning infected phones into click bots, some variants also allow attackers to gain full remote control of compromised devices. After uncovering the Triada backdoor in counterfeit Android firmware, researchers found another firmware-level threat called Keenadu. Like Triada, Keenadu embeds itself into the system during the build process, injects into the Zygote process, and infects every app launched on the device. It acts as a multi-stage loader, enabling full remote control, ad fraud, credential theft, and malicious payload delivery. The researchers reported that some infected firmware was even pushed via OTA updates and built into core system apps. Investigators also linked Keenadu to major Android botnets, including Triada, BADBOX, and Vo1d. – https://securityaffairs.com/188147/malware/keenadu-backdoor-found-preinstalled-on-android-devices-powers-ad-fraud-campaign.html
Doorbell cams, surveillance tech face growing backlash
(Sam Sabin – Axios) Sentiment around widely used home surveillance tools is souring as high-profile cases reveal just how deeply law enforcement can tap the data they generate. Why it matters: What once felt like a personal security upgrade now feels to many like participation in a broader law enforcement apparatus they didn’t sign up for. New AI advancements have made it easier to search, cross-reference and retain massive amounts of video and license plate data, raising the stakes of what once felt like localized neighborhood tools. Driving the news: A Super Bowl ad for Amazon’s Ring doorbell camera touting the ability of the device’s new Search Party feature to locate lost dogs has spurred widespread backlash. – https://www.axios.com/2026/02/17/doorbell-cams-and-surveillance-tech-face-growing-public-backlash
Hackers target supporters of Iran protests in new espionage campaign
(Daryna Antoniuk – The Record) Hackers believed to be aligned with Tehran are targeting supporters of Iran’s anti-government protests in a new cyberespionage campaign, researchers have found. The campaign, discovered by Swiss cybersecurity firm Acronis, began in early January, shortly after mass nationwide demonstrations erupted across Iran calling for an end to the Islamic Republic system. Researchers said the attackers likely took advantage of a spike in demand for information after authorities imposed sweeping internet blackouts across the country to limit coverage of the unrest. – https://therecord.media/hackers-target-iran-protest-supporters-cyber-campaign
Hackers claim Canada Goose breach but researchers reveal data is “several years old”
(Vilius Petkauskas – Cybernews) Attackers claim a Canada Goose breach exposed over 600k records, including emails, phone numbers, and partial payment data. Cybernews researchers analyzed samples and found duplicate entries, with most data dated between 2021 and 2023. Years-old PII can still enable phishing, identity theft, and fraud, though risks are tempered because details are not entirely new. – https://cybernews.com/security/canada-goose-data-breach-claims/